feat: add postiz temporal

2026-04-05 20:46:30 -05:00
parent 8886dff8fa
commit 2028b93305
7 changed files with 234 additions and 29 deletions
--- a/clusters/cl01tl/helm/postiz/Chart.lock
+++ b/clusters/cl01tl/helm/postiz/Chart.lock
@@ -2,6 +2,9 @@ dependencies:
 - name: app-template
  repository: https://bjw-s-labs.github.io/helm-charts/
  version: 4.6.2
+- name: temporal
+  repository: https://go.temporal.io/helm-charts
+  version: 1.0.0-rc.3
 - name: cloudflared
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 2.4.0
@@ -17,5 +20,5 @@ dependencies:
 - name: volsync-target
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 0.8.0
-digest: sha256:1c7f2f341be8892e4b8e016c34676dee45f35caf75908a0eabe845b5683948c4
-generated: "2026-04-05T19:40:33.153012-05:00"
+digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443
+generated: "2026-04-05T20:33:43.946895-05:00"
--- a/clusters/cl01tl/helm/postiz/Chart.yaml
+++ b/clusters/cl01tl/helm/postiz/Chart.yaml
@@ -8,8 +8,14 @@ keywords:
 home: https://docs.alexlebens.dev/applications/plex/
 sources:
  - https://github.com/gitroomhq/postiz-app
+  - https://github.com/getsentry/spotlight
  - https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app
+  - https://github.com/getsentry/spotlight/pkgs/container/spotlight
+  - https://hub.docker.com/r/temporalio/server
+  - https://hub.docker.com/r/temporalio/admin-tools
+  - https://hub.docker.com/r/temporalio/ui
  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://github.com/temporalio/helm-charts/tree/main/charts/temporal
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
@@ -21,6 +27,9 @@ dependencies:
    alias: postiz
    repository: https://bjw-s-labs.github.io/helm-charts/
    version: 4.6.2
+  - name: temporal
+    repository: https://go.temporal.io/helm-charts
+    version: 1.0.0-rc.3
  - name: cloudflared
    repository: oci://harbor.alexlebens.net/helm-charts
    version: 2.4.0
--- a/clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml
+++ b/clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml
@@ -0,0 +1,30 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: elasticsearch-postiz
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: elasticsearch-postiz
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}``
+spec:
+  # renovate: datasource=docker depName=elasticsearch
+  version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
+  auth:
+    fileRealm:
+      - secretName: postiz-elasticsearch-secret
+  nodeSets:
+    - name: default
+      count: 2
+      config:
+        node.store.allow_mmap: false
+      volumeClaimTemplates:
+        - metadata:
+            name: elasticsearch-data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 5Gi
+            storageClassName: ceph-block
--- a/clusters/cl01tl/helm/postiz/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/postiz/templates/http-route.yaml
@@ -0,0 +1,58 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: temporal-ui
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: temporal-ui
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - temporal-ui.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: temporal-ui
+          port: 8080
+          weight: 100
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: temporal-frontend
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: temporal-frontend
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - temporal-frontend.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: temporal-frontend
+          port: 80
+          weight: 100
--- a/clusters/cl01tl/helm/postiz/values.yaml
+++ b/clusters/cl01tl/helm/postiz/values.yaml
@@ -10,17 +10,21 @@ postiz:
            repository: ghcr.io/gitroomhq/postiz-app
            tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
          env:
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: postiz-config-secret
+                  key: JWT_SECRET
            - name: MAIN_URL
              value: https://postiz.alexlebens.dev
            - name: FRONTEND_URL
              value: https://postiz.alexlebens.dev
            - name: NEXT_PUBLIC_BACKEND_URL
              value: https://postiz.alexlebens.dev/api
-            - name: JWT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: postiz-config-secret
-                  key: JWT_SECRET
+            - name: BACKEND_INTERNAL_URL
+              value: http://temporal:3000
+            - name: TEMPORAL_ADDRESS
+              value: http://temporal:3000
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
@@ -31,10 +35,12 @@ postiz:
                secretKeyRef:
                  name: postiz-valkey-config
                  key: REDIS_URL
-            - name: BACKEND_INTERNAL_URL
-              value: http://localhost:3000
            - name: IS_GENERAL
              value: "true"
+            - name: DISABLE_REGISTRATION
+              value: "false"
+            - name: RUN_CRON
+              value: "true"
            - name: STORAGE_PROVIDER
              value: local
            - name: UPLOAD_DIRECTORY
@@ -67,10 +73,27 @@ postiz:
                  key: secret
            - name: POSTIZ_OAUTH_SCOPE
              value: openid profile email
+            - name: NEXT_PUBLIC_SENTRY_DSN
+              value: http://spotlight:8969/stream
+            - name: SENTRY_SPOTLIGHT
+              value: "1"
          resources:
            requests:
              cpu: 10m
              memory: 1Gi
+    spotlight:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: ghcr.io/getsentry/spotlight
+            tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
+          resources:
+            requests:
+              cpu: 10m
+              memory: 40Mi
  service:
    main:
      controller: main
@@ -78,24 +101,12 @@ postiz:
        http:
          port: 80
          targetPort: 5000
-  route:
-    main:
-      kind: HTTPRoute
-      parentRefs:
-        - group: gateway.networking.k8s.io
-          kind: Gateway
-          name: traefik-gateway
-          namespace: traefik
-      hostnames:
-        - postiz.alexlebens.net
-      rules:
-        - backendRefs:
-            - name: postiz
-              port: 80
-          matches:
-            - path:
-                type: PathPrefix
-                value: /
+    spotlight:
+      controller: spotlight
+      ports:
+        http:
+          port: 8969
+          targetPort: 8969
  persistence:
    config:
      forceRename: postiz-config
@@ -117,6 +128,94 @@ postiz:
          main:
            - path: /uploads
              readOnly: false
+temporal:
+  server:
+    image:
+      repository: temporalio/server
+      tag: 1.30.2@sha256:d5334ee3ddce1617efbe280a10afc85916cf8d81798415c98988dbda2b46773e
+    metrics:
+      serviceMonitor:
+        enabled: true
+    resources:
+      requests:
+        cpu: 10m
+        memory: 60Mi
+    config:
+      logLevel: "debug,info"
+      persistence:
+        datastores:
+          default:
+            sql:
+              pluginName: postgres12
+              driverName: postgres12
+              databaseName: app
+              connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
+              user: app
+              existingSecret: postiz-postgresql-18-cluster-app
+              secretKey: password
+              tls:
+                enabled: false
+          visibility:
+            elasticsearch:
+              version: v8
+              url:
+                scheme: http
+                host: elasticsearch-postiz-es-http.postiz:9200
+              logLevel: error
+              indices:
+                visibility: temporal_visibility_v1
+              tls:
+                enabled: false
+    frontend:
+      ingress:
+        enabled: false
+      metrics:
+        serviceMonitor:
+          enabled: true
+      resources:
+        requests:
+          cpu: 10m
+          memory: 60Mi
+    history:
+      metrics:
+        serviceMonitor:
+          enabled: true
+      resources:
+        requests:
+          cpu: 10m
+          memory: 60Mi
+    matching:
+      metrics:
+        serviceMonitor:
+          enabled: true
+      resources:
+        requests:
+          cpu: 10m
+          memory: 60Mi
+    worker:
+      metrics:
+        serviceMonitor:
+          enabled: true
+      resources:
+        requests:
+          cpu: 10m
+          memory: 60Mi
+  admintools:
+    image:
+      repository: temporalio/admin-tools
+      tag: 1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3
+    resources:
+      requests:
+        cpu: 10m
+        memory: 60Mi
+  web:
+    image:
+      repository: temporalio/ui
+      tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff
+    resources:
+      requests:
+        cpu: 10m
+        memory: 60Mi
 postgres-18-cluster:
  mode: recovery
  recovery:
@@ -136,6 +235,10 @@ postgres-18-cluster:
        immediate: true
        schedule: "0 20 15 * * *"
        backupName: garage-local
+  databases:
+    - name: temporal
+      ensure: present
+      owner: app
 valkey:
  valkey:
    auth:
--- a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
+++ b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
@@ -8,7 +8,8 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  version: 8.19.8
+  # renovate: datasource=docker depName=elasticsearch
+  version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
  auth:
    fileRealm:
      - secretName: stalwart-elasticsearch-secret
--- a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
@@ -8,7 +8,8 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  version: 8.19.8
+  # renovate: datasource=docker depName=elasticsearch
+  version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
  auth:
    fileRealm:
      - secretName: tubearchivist-elasticsearch-secret